httpd: ap_get_basic_auth_pw() authentication bypass

It was discovered that the use of httpd's apgetbasicauthpw API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...

WordPress Wunderbar Basic 1.1.3 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Credit Ricardo Sanchez Vulnerable Wunderbar Basic 1.1.3 Wunderbar Basic is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...

PHP Scripts Mall Basic B2B Script SQL Injection Vulnerability

PHP Scripts Mall Basic B2B Script is a set of PHP-based B2B2 business-to-business transactional website scripts from PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Basic B2B Script version 2.0.8. A remote attacker can exploit the vulnerability by sending the 'id'...

WordPress Wunderbar Basic 1.1.3 Cross Site Scripting

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Wunderbar Basic 1.1.3 Wunderbar Basic is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script cod...

CVE-2017-17600

Basic B2B Script 2.0.8 has SQL Injection via the productdetails.php id parameter...

Sql injection

Basic B2B Script 2.0.8 has SQL Injection via the productdetails.php id parameter...

CVE-2017-17600

CVE-2017-17600 affects Basic B2B Script 2.0.8, with a SQL Injection vulnerability via the id parameter in product_details.php. The root cause is unsafe handling of the id input that enables injection of SQL commands. This vulnerability has a high impact in CVSS terms (confidentiality, integrity, ...

Check_MK < 1.2.8p25, 1.4.x < 1.4.0p9 XSS Vulnerability

CheckMK is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:checkmk:checkmk"; i...

CVE-2017-11507

A cross site scripting XSS vulnerability exists in CheckMK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the outputformat parameter, and the username parameter of failed HTTP basic authentication...

CVE-2017-11507

A cross site scripting XSS vulnerability exists in CheckMK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the outputformat parameter, and the username parameter of failed HTTP basic authentication...

Cross site scripting

A cross site scripting XSS vulnerability exists in CheckMK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the outputformat parameter, and the username parameter of failed HTTP basic authentication...

D-Link DIR-605L Model B Denial of Service Vulnerability

D-Link DIR-605L Model B is a wireless router product from AUO D-Link. A denial of service vulnerability exists in versions prior to D-Link DIR-605L Model B FW2.11betaB06hbrf. An attacker could exploit this vulnerability by sending an HTTP request with a password field with a long string in the HT...

Cross site request forgery (csrf)

connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request...

CVE-2017-16953

The CVE-2017-16953 issue affects ZTE ZXDSL 831CII devices, where connoppp.cgi does not require HTTP Basic Authentication. This allows an unauthenticated remote attacker to modify the PPPoE configuration (or set up malicious configurations) via a GET request. Public references corroborate an acces...

CVE-2017-16953

connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request...

CVE-2017-17065

An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service device crash or possibly have unspecified other impact by sending a sufficiently long string in the...

CVE-2017-17065

An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service device crash or possibly have unspecified other impact by sending a sufficiently long string in the...

CVE-2017-17065

An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service device crash or possibly have unspecified other impact by sending a sufficiently long string in the...

PT-2017-14693 · D Link · D-Link Dir-605L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L Model B versions prior to FW2.11betaB06 hbrf Description: An issue was discovered related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service device crash or possibly have...

ZTE ZXDSL 831CII - Improper Access Restrictions Vulnerability

Exploit for hardware platform in category web applications Exploit Title: ZTE ZXDSL 831 Unauthorized Configuration Access Exploit Author: Ibad Shah Vendor Homepage: zte.com.cn Software Link: - Version: - ZXDSL - 831CII Tested on: Windows 10 CVE :- 2017-16953 ======================================...